owasp top10-2021 (#1235)

2022-04-11 21:12:41 +02:00
parent 02c3f9551f
commit b32240f96b
27 changed files with 36 additions and 55 deletions
--- a/src/main/java/org/owasp/webgoat/lessons/auth_bypass/AuthBypass.java
+++ b/src/main/java/org/owasp/webgoat/lessons/auth_bypass/AuthBypass.java
@@ -31,7 +31,7 @@ public class AuthBypass extends Lesson {

    @Override
    public Category getDefaultCategory() {
-        return Category.AUTHENTICATION;
+        return Category.A7;
    }

    @Override
--- a/src/main/java/org/owasp/webgoat/lessons/cryptography/Cryptography.java
+++ b/src/main/java/org/owasp/webgoat/lessons/cryptography/Cryptography.java
@@ -30,7 +30,7 @@ import org.springframework.stereotype.Component;
 public class Cryptography extends Lesson {
    @Override
    public Category getDefaultCategory() {
-        return Category.GENERAL;
+        return Category.A2;
    }

    @Override
--- a/src/main/java/org/owasp/webgoat/lessons/csrf/CSRF.java
+++ b/src/main/java/org/owasp/webgoat/lessons/csrf/CSRF.java
@@ -33,7 +33,7 @@ import org.springframework.stereotype.Component;
 public class CSRF extends Lesson {
    @Override
    public Category getDefaultCategory() {
-        return Category.REQUEST_FORGERIES;
+        return Category.A10;
    }

    @Override
--- a/src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserialization.java
+++ b/src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserialization.java
@@ -37,7 +37,7 @@ import org.springframework.stereotype.Component;
 public class InsecureDeserialization extends Lesson {
    @Override
    public Category getDefaultCategory() {
-        return Category.INSECURE_DESERIALIZATION;
+        return Category.A8;
    }

    @Override
--- a/src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSession.java
+++ b/src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSession.java
@@ -38,7 +38,7 @@ public class HijackSession extends Lesson {

    @Override
    public Category getDefaultCategory() {
-        return Category.SESSION_MANAGEMENT;
+        return Category.A1;
    }

    @Override
--- a/src/main/java/org/owasp/webgoat/lessons/idor/IDOR.java
+++ b/src/main/java/org/owasp/webgoat/lessons/idor/IDOR.java
@@ -38,7 +38,7 @@ public class IDOR extends Lesson {

    @Override
    public Category getDefaultCategory() {
-        return Category.ACCESS_CONTROL;
+        return Category.A1;
    }

    @Override
--- a/src/main/java/org/owasp/webgoat/lessons/insecure_login/InsecureLogin.java
+++ b/src/main/java/org/owasp/webgoat/lessons/insecure_login/InsecureLogin.java
@@ -37,7 +37,7 @@ import org.springframework.stereotype.Component;
 public class InsecureLogin extends Lesson {
    @Override
    public Category getDefaultCategory() {
-        return Category.INSECURE_COMMUNICATION;
+        return Category.A7;
    }

    @Override
--- a/src/main/java/org/owasp/webgoat/lessons/jwt/JWT.java
+++ b/src/main/java/org/owasp/webgoat/lessons/jwt/JWT.java
@@ -35,7 +35,7 @@ public class JWT extends Lesson {

    @Override
    public Category getDefaultCategory() {
-        return Category.AUTHENTICATION;
+        return Category.A7;
    }

    @Override
--- a/src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofing.java
+++ b/src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofing.java
@@ -37,7 +37,7 @@ import org.springframework.stereotype.Component;
 public class LogSpoofing extends Lesson {
    @Override
    public Category getDefaultCategory() {
-        return Category.INSECURE_CONFIGURATION;
+        return Category.A9;
    }

    @Override
--- a/src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionAC.java
+++ b/src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionAC.java
@@ -34,7 +34,7 @@ public class MissingFunctionAC extends Lesson {

    @Override
    public Category getDefaultCategory() {
-        return Category.ACCESS_CONTROL;
+        return Category.A1;
    }

    @Override
--- a/src/main/java/org/owasp/webgoat/lessons/password_reset/PasswordReset.java
+++ b/src/main/java/org/owasp/webgoat/lessons/password_reset/PasswordReset.java
@@ -30,7 +30,7 @@ import org.springframework.stereotype.Component;
 public class PasswordReset extends Lesson {
    @Override
    public Category getDefaultCategory() {
-        return Category.AUTHENTICATION;
+        return Category.A7;
    }

    @Override
--- a/src/main/java/org/owasp/webgoat/lessons/path_traversal/PathTraversal.java
+++ b/src/main/java/org/owasp/webgoat/lessons/path_traversal/PathTraversal.java
@@ -31,7 +31,7 @@ public class PathTraversal extends Lesson {

    @Override
    public Category getDefaultCategory() {
-        return Category.INJECTION;
+        return Category.A3;
    }

    @Override
--- a/src/main/java/org/owasp/webgoat/lessons/secure_passwords/SecurePasswords.java
+++ b/src/main/java/org/owasp/webgoat/lessons/secure_passwords/SecurePasswords.java
@@ -35,7 +35,7 @@ public class SecurePasswords extends Lesson {

    @Override
    public Category getDefaultCategory() {
-        return Category.AUTHENTICATION;
+        return Category.A7;
    }

    @Override
--- a/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookie.java
+++ b/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookie.java
@@ -37,7 +37,7 @@ public class SpoofCookie extends Lesson {

    @Override
    public Category getDefaultCategory() {
-        return Category.SESSION_MANAGEMENT;
+        return Category.A1;
    }

    @Override
--- a/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionAdvanced.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionAdvanced.java
@@ -30,7 +30,7 @@ import org.springframework.stereotype.Component;
 public class SqlInjectionAdvanced extends Lesson {
    @Override
    public Category getDefaultCategory() {
-        return Category.INJECTION; 
+        return Category.A3; 
    }

    @Override
--- a/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjection.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjection.java
@@ -30,7 +30,7 @@ import org.springframework.stereotype.Component;
 public class SqlInjection extends Lesson {
    @Override
    public Category getDefaultCategory() {
-        return Category.INJECTION;
+        return Category.A3;
    }

    @Override
--- a/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/SqlInjectionMitigations.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/SqlInjectionMitigations.java
@@ -30,7 +30,7 @@ import org.springframework.stereotype.Component;
 public class SqlInjectionMitigations extends Lesson {
    @Override
    public Category getDefaultCategory() {
-        return Category.INJECTION;
+        return Category.A3;
    }

    @Override
--- a/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRF.java
+++ b/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRF.java
@@ -37,7 +37,7 @@ import org.springframework.stereotype.Component;
 public class SSRF extends Lesson {
    @Override
    public Category getDefaultCategory() {
-        return Category.REQUEST_FORGERIES;
+        return Category.A10;
    }

    @Override
--- a/src/main/java/org/owasp/webgoat/lessons/vulnerable_components/VulnerableComponents.java
+++ b/src/main/java/org/owasp/webgoat/lessons/vulnerable_components/VulnerableComponents.java
@@ -30,7 +30,7 @@ import org.springframework.stereotype.Component;
 public class VulnerableComponents extends Lesson {
    @Override
    public Category getDefaultCategory() {
-        return Category.VULNERABLE_COMPONENTS;
+        return Category.A6;
    }

    @Override
--- a/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScripting.java
+++ b/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScripting.java
@@ -30,7 +30,7 @@ import org.springframework.stereotype.Component;
 public class CrossSiteScripting extends Lesson {
    @Override
    public Category getDefaultCategory() {
-        return Category.XSS;
+        return Category.A3;
    }

    @Override
--- a/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingMitigation.java
+++ b/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingMitigation.java
@@ -28,7 +28,7 @@ import org.owasp.webgoat.container.lessons.Lesson;
 public class CrossSiteScriptingMitigation extends Lesson {
    @Override
    public Category getDefaultCategory() {
-        return Category.XSS;
+        return Category.A3;
    }

    @Override
--- a/src/main/java/org/owasp/webgoat/lessons/xss/stored/CrossSiteScriptingStored.java
+++ b/src/main/java/org/owasp/webgoat/lessons/xss/stored/CrossSiteScriptingStored.java
@@ -28,7 +28,7 @@ import org.owasp.webgoat.container.lessons.Lesson;
 public class CrossSiteScriptingStored extends Lesson {
    @Override
    public Category getDefaultCategory() {
-        return Category.XSS;
+        return Category.A3;
    }

    @Override
--- a/src/main/java/org/owasp/webgoat/lessons/xxe/XXE.java
+++ b/src/main/java/org/owasp/webgoat/lessons/xxe/XXE.java
@@ -31,7 +31,7 @@ public class XXE extends Lesson {

    @Override
    public Category getDefaultCategory() {
-        return Category.XXE;
+        return Category.A5;
    }

    @Override